Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-0430

Опубликовано: 23 янв. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.

The Mozilla Foundation Security Advisory describes this flaw as: Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 9thunderbird-flatpak-containerAffected
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2023:060006.02.2023
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2023:060606.02.2023
Red Hat Enterprise Linux 8.1 Update Services for SAP SolutionsthunderbirdFixedRHSA-2023:060106.02.2023
Red Hat Enterprise Linux 8.2 Advanced Update SupportthunderbirdFixedRHSA-2023:060206.02.2023
Red Hat Enterprise Linux 8.2 Telecommunications Update ServicethunderbirdFixedRHSA-2023:060206.02.2023
Red Hat Enterprise Linux 8.2 Update Services for SAP SolutionsthunderbirdFixedRHSA-2023:060206.02.2023
Red Hat Enterprise Linux 8.4 Extended Update SupportthunderbirdFixedRHSA-2023:060306.02.2023
Red Hat Enterprise Linux 8.6 Extended Update SupportthunderbirdFixedRHSA-2023:060506.02.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-299
https://bugzilla.redhat.com/show_bug.cgi?id=2166591Mozilla: Revocation status of S/Mime signature certificates was not checked

EPSS

Процентиль: 22%
0.00071
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-0430

CVSS3: 6.5
ubuntu
около 2 лет назад

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.

nvd логотип

CVE-2023-0430

CVSS3: 6.5
nvd
около 2 лет назад

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.

debian логотип

CVE-2023-0430

CVSS3: 6.5
debian
около 2 лет назад

Certificate OCSP revocation status was not checked when verifying S/Mi ...

rocky логотип

RLSA-2023:0608

rocky
больше 2 лет назад

Important: thunderbird security update

rocky логотип

RLSA-2023:0606

rocky
больше 2 лет назад

Important: thunderbird security update

EPSS

Процентиль: 22%
0.00071
Низкий

7.5 High

CVSS3

Уязвимость CVE-2023-0430